Sunday, October 20, 2013

SecureDrop

SecureDrop is an open-source whistleblower support system, originally written by Aaron Swartz and now run by the Freedom of the Press Foundation. The first instance of this system was named StrongBox and is being run by the New Yorker. To further add to the naming confusion, Aaron Swartz called the system DeadDrop when he wrote the code.
Here is a detailed security audit of the StrongBox implementation, along with some great researchers from the University of Washington and Jake Appelbaum. The problems we found were largely procedural, and things that the Freedom of the Press Foundation are working to fix.
Freedom of the Press Foundation is not running any instances of SecureDrop. It has about a half dozen major news organizations lined up, and will be helping them install their own starting the first week of November. So hopefully any would-be whistleblowers will soon have their choice of news organizations to securely communicate with.
Strong technical whistleblower protection is essential, especially given President Obama's war on whistleblowers. I hope this system is broadly implemented and extensively used.